linux/drivers
Kees Cook 676bb9a417 HID: validate HID report id size
commit 43622021d2 upstream.

The "Report ID" field of a HID report is used to build indexes of
reports. The kernel's index of these is limited to 256 entries, so any
malicious device that sets a Report ID greater than 255 will trigger
memory corruption on the host:

[ 1347.156239] BUG: unable to handle kernel paging request at ffff88094958a878
[ 1347.156261] IP: [<ffffffff813e4da0>] hid_register_report+0x2a/0x8b

CVE-2013-2888

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-26 17:15:34 -07:00
accessibility
acpi ACPI / EC: Add ASUSTEK L4R to quirk list in order to validate ECDT 2013-09-07 21:58:15 -07:00
amba ARM: 7366/3: amba: Remove AMBA level regulator support 2012-04-13 14:04:08 +01:00
ata libata: apply behavioral quirks to sil3826 PMP 2013-08-29 09:50:13 -07:00
atm atm/iphase: rename fregt_t -> ffreg_t 2013-02-14 10:49:05 -08:00
auxdisplay
base drivers/base/memory.c: fix show_mem_removable() to handle missing sections 2013-09-07 21:58:14 -07:00
bcma bcma: mips: fix clearing device IRQ 2013-01-17 08:50:41 -08:00
block xen/blkback: Check device permissions before allowing OP_DISCARD 2013-08-04 16:25:54 +08:00
bluetooth Bluetooth: Add support for Dell[QCA 0cf3:817a] 2013-04-05 10:04:15 -07:00
cdrom drivers/cdrom/cdrom.c: use kzalloc() for failing hardware 2013-07-13 11:03:40 -07:00
char virtio: console: return -ENODEV on all read operations after unplug 2013-08-14 22:57:07 -07:00
clk clk: remove notifier from list before freeing it 2013-06-27 11:27:30 -07:00
clocksource Revert "clocksource: Load the ACPI PM clocksource asynchronously" 2012-04-12 00:05:05 +02:00
connector
cpufreq cpufreq / Longhaul: Disable driver by default 2013-05-11 13:48:10 -07:00
cpuidle Merge branches 'idle-fix' and 'misc' into release 2012-04-06 21:48:59 -04:00
crypto crypto: mv_cesa requires on CRYPTO_HASH to build 2012-05-15 01:10:06 +00:00
dca dca: check against empty dca_domains list before unregister provider 2013-02-28 06:59:06 -08:00
devfreq
dio
dma drivers/dma/pl330.c: fix locking in pl330_free_chan_resources() 2013-07-21 18:19:02 -07:00
edac EDAC: Test correct variable in ->store function 2013-02-03 18:24:41 -06:00
eisa EISA/PCI: Fix bus res reference 2013-04-12 09:38:44 -07:00
firewire firewire: fix libdc1394/FlyCap2 iso event regression 2013-08-04 16:26:02 +08:00
firmware efivars: Handle duplicate names from get_next_variable() 2013-04-05 10:04:36 -07:00
gpio gpiolib: Don't return -EPROBE_DEFER to sysfs, or for invalid gpios 2012-11-05 09:50:41 +01:00
gpu drm/i915: ivb: fix edp voltage swing reg val 2013-09-07 21:58:15 -07:00
hid HID: validate HID report id size 2013-09-26 17:15:34 -07:00
hsi HSI: hsi_char: Remove max_data_size from sysfs 2012-04-23 14:23:32 +03:00
hv Drivers: hv: Cleanup error handling in vmbus_open() 2012-10-31 10:02:58 -07:00
hwmon hwmon: (adt7470) Fix incorrect return code check 2013-08-14 22:57:06 -07:00
hwspinlock hwspinlock: fix __hwspin_lock_request error path 2013-04-12 09:38:46 -07:00
i2c i2c: designware: always clear interrupts before enabling them 2013-05-24 11:14:22 -07:00
ide
idle
ieee802154
infiniband IPoIB: Fix send lockup due to missed TX completion 2013-03-28 12:12:25 -07:00
input Input: cyttsp - fix memcpy size param 2013-06-27 11:27:33 -07:00
iommu iommu/amd: Only unmap large pages from the first pte 2013-07-28 16:25:47 -07:00
isdn isdn/gigaset: fix zero size border case in debug dump 2013-02-14 10:49:04 -08:00
leds drivers/leds/leds-ot200.c: fix error caused by shifted mask 2013-06-07 12:49:13 -07:00
lguest
macintosh
mca
md md/raid1,raid10: use freeze_array in place of raise_barrier in various places. 2013-08-20 08:26:28 -07:00
media media: mantis: fix silly crash case 2013-05-24 11:14:23 -07:00
memstick
message
mfd mfd: adp5520: Restore mode bits on resume 2013-05-07 19:51:57 -07:00
misc SGI-XP: handle non-fatal traps 2013-01-11 09:06:29 -08:00
mmc mmc: atmel-mci: pio hang on block errors 2013-05-07 19:51:57 -07:00
mtd vm: convert mtdchar mmap to vm_iomap_memory() helper 2013-04-25 21:19:56 -07:00
net ath9k: avoid accessing MRC registers on single-chain devices 2013-09-26 17:15:33 -07:00
nfc NFC: pn533: Fix mem leak in pn533_in_dep_link_up 2012-12-03 11:47:12 -08:00
nubus
of of: fdt: fix memory initialization for expanded DT 2013-08-29 09:50:12 -07:00
oprofile oprofile: perf: use NR_CPUS instead or nr_cpumask_bits for static array 2012-07-16 09:04:21 -07:00
parisc parisc: move definition of PAGE0 to asm/page.h 2012-05-10 15:12:08 -07:00
parport
pci ahci: Add AMD CZ SATA device ID 2013-07-21 18:19:01 -07:00
pcmcia pcmcia: at91_cf: fix gpio_get_value in at91_cf_get_status 2013-07-21 18:19:01 -07:00
pinctrl pinctrl: tegra: set low power mode bank width to 2 2012-10-28 10:14:14 -07:00
platform thinkpad-acpi: recognize latest V-Series using DMI_BIOS_VENDOR 2013-06-07 12:49:49 -07:00
pnp pnpacpi: fix incorrect TEST_ALPHA() test 2013-01-11 09:06:29 -08:00
power charger-manager: Ensure event is not used as format string 2013-07-13 11:03:40 -07:00
pps
ps3
ptp ptp_pch: Add missing #include <linux/slab.h> 2012-05-16 14:44:44 -04:00
rapidio rapidio/tsi721: fix unused variable compiler warning 2012-09-14 10:00:20 -07:00
regulator regulator: wm831x: Set the new rather than old value for DVS VSEL 2013-01-17 08:50:41 -08:00
remoteproc remoteproc: fix a potential NULL-dereference on cleanup 2012-10-07 08:32:28 -07:00
rpmsg rpmsg: fix dependency on initialization order 2012-07-19 08:58:57 -07:00
rtc drivers/rtc/rtc-rv3029c2.c: fix disabling AIE irq 2013-07-21 18:19:01 -07:00
s390 SCSI: zfcp: fix schedule-inside-lock in scsi_device list loops 2013-08-29 09:50:13 -07:00
sbus
scsi SCSI: sd: Fix potential out-of-bounds access 2013-09-26 17:15:29 -07:00
sfi
sh
sn
spi spi/mpc512x-psc: optionally keep PSC SS asserted across xfer segmensts 2013-04-12 09:38:43 -07:00
ssb ssb: implement spurious tone avoidance 2013-04-25 21:19:55 -07:00
staging staging: comedi: dt282x: dt282x_ai_insn_read() always fails 2013-09-26 17:15:31 -07:00
target target: Fix trailing ASCII space usage in INQUIRY vendor+model 2013-09-07 21:58:16 -07:00
tc
thermal thermal: return an error on failure to register thermal class 2013-04-12 09:38:47 -07:00
tty powerpc/hvsi: Increase handshake timeout from 200ms to 400ms. 2013-09-07 21:58:14 -07:00
uio
usb usb: config->desc.bLength may not exceed amount of data returned by the device 2013-09-26 17:15:32 -07:00
uwb uwb: fix error handling 2012-04-18 13:15:51 -07:00
vhost vhost: zerocopy: poll vq in zerocopy callback 2013-09-14 06:02:10 -07:00
video fbcon: when font is freed, clear also vc_font.data 2013-05-07 19:51:53 -07:00
virt
virtio virtio: support unlocked queue poll 2013-08-04 16:26:03 +08:00
vlynq
w1 w1: fix oops when w1_search is called from netlink connector 2013-03-20 13:04:59 -07:00
watchdog hpwdt: Fix kdump issue in hpwdt 2012-10-02 10:30:08 -07:00
xen xen-gnt: prevent adding duplicate gnt callbacks 2013-09-26 17:15:30 -07:00
zorro
Kconfig
Makefile